Category Archives: Information Security Compliance

Cybersecurity compliance articles

Security Policy Example – IRT Access & Authorization Policy

Policy Example   SunSpot Credit Union Computer Incident Response Team—Access & Authorization Policy   1.0       Policy Statement This policy applies to SunSpot Credit Union employees, temporary workers, contractors, and consultants who use or access SunSpot Credit Union information systems and computers.   2.0       Purpose/Objectives Definitions for this policy are as follows: SunSpot Credit Union: (SCU). Incident Response Team:… Read More »

Security Policy Example – Remote Access

  SunSpot Health Care Provider Remote Access Policy for Remote Workers & Medical Clinics   1.0       Policy Statement It is SunSpot Health Care Provider (SHCP) policy to protect Information Resources based on risk against accidental or unauthorized disclosure, modification, or destruction, and assure the Confidentiality, Integrity, and Availability (CIA) of clinic and patient data. Apply appropriate physical and… Read More »

Security Policy Template for Hand-Held Devices

Hand-Held Device use has become common place in today’s business environment to include company owned assets, and personal “Bring Your Own Device” (BYOD)’s. Security of Hand Held Devices normally spans over many of the other standard domains making it practical to treat them as a separate domain.. The SANS Reading Room article; Security Policy for the use of… Read More »

Primary Advantages of COBIT, ISO 27000, and NIST

The following is a list of the primary benefits of the COBIT, ISO 27000, and NIST frameworks: COBIT COBIT allows much broader scope and takes into account all IT management processes. Geared towards a method of successfully executing key policies and procedures. It is often used to tie together controls, technical issues and risks, within an organization. COBIT… Read More »

Framework and Policy Development Team

The IT security policy framework is the foundation of an organizations information security program. The framework consists of a library of documents, but is just not a collection of documents. The framework and its documents are used to build an organizations processes, determine appropriate technologies to use, and lay the foundation for policy enforcement. The framework is a… Read More »

Bring Your Own Device (BYOD) Policies and Practices

Bring Your Own Device (BYOD): Organizations allowing employees to use their own personal devices such as smart phone and tablets to conduct organization business. The SANS Reading Room article, SANS Survey on Mobility/BYOD Security Policies and Practices found that 61% of organizations allowed personal devices to connect to protected company systems, but only 9% of organizations were truly… Read More »

Implementing Security Policies in Flat and Hierarchical Management Structures

When considering the implementation of security policies, an organization must also consider how employee behavior often varies depending on whether the organization uses a flat or hierarchical management structure. In flat organizations, there are less layers between management and employees so decisions and problem solving generally happens faster and at a lower level. Smaller organizations tend to be… Read More »

Ethics Related to the Collection of Information. Who Benefits?

Ethics Related to the Collection of Information The following are ethics that must be addressed when information systems are designed, and how they relate to the Confidentiality, Integrity, Availability (CIA) security concept. The first concern related to ethics is; who benefits from the information collected? The applicable area of the CIA security triad is confidentiality. Information collected for… Read More »

Information Security Publication Comparison

Information Security Publication Comparison Chart comparing major sections of the USPS Handbook AS-805 – Information Security to NIST Special Publications; 800-12, 800-14, 800-18, 800-26, and 800-30. Handbook AS-805 – Information Security (USPS, 2015) NIST Special Publications Introduction: Corporate Information Security Generally Accepted System Security Principles (NIST SP 800-14) Security Roles and Responsibilities System Security Plan Responsibilities (NIST SP… Read More »